From 0d7cbcde9febd270883a41da089a7f969846cc73 Mon Sep 17 00:00:00 2001
From: xiaomlove <1939737565@qq.com>
Date: Thu, 13 Feb 2025 01:48:33 +0800
Subject: [PATCH] personal access token create and del
---
 .../Controllers/AuthenticateController.php | 44 +++++++++++++++
 app/Http/Middleware/VerifyCsrfToken.php | 3 +-
 app/Models/PersonalAccessTokenPlain.php | 11 ++++
 ...eate_personal_access_token_plain_table.php | 29 ++++++++++
 public/usercp.php | 55 ++++++++++---------
 routes/web.php | 2 +
 6 files changed, 118 insertions(+), 26 deletions(-)
 create mode 100644 app/Models/PersonalAccessTokenPlain.php
 create mode 100644 database/migrations/2025_02_09_231747_create_personal_access_token_plain_table.php
diff --git a/app/Http/Controllers/AuthenticateController.php b/app/Http/Controllers/AuthenticateController.php
index 4781e989..85a0bc82 100644
--- a/app/Http/Controllers/AuthenticateController.php
+++ b/app/Http/Controllers/AuthenticateController.php
@@ -2,9 +2,11 @@
 namespace App\Http\Controllers;
+use App\Exceptions\NexusException;
 use App\Http\Resources\ExamResource;
 use App\Http\Resources\UserResource;
 use App\Models\LoginLog;
+use App\Models\PersonalAccessTokenPlain;
 use App\Models\Setting;
 use App\Models\User;
 use App\Repositories\AuthenticateRepository;
@@ -103,4 +105,46 @@ class AuthenticateController extends Controller
 return response()->json(["success" => false, "msg" => $exception->getMessage()]);
 }
 }
+
+ public function addToken(Request $request)
+ {
+ try {
+ $request->validate([
+ 'name' => 'required|string',
+ ]);
+ $user = Auth::user();
+ $count = $user->tokens()->count();
+ if ($count >= 5) {
+ throw new NexusException("Token limit exceeded");
+ }
+ $newAccessToken = $user->createToken($request->name);
+ PersonalAccessTokenPlain::query()->create([
+ 'access_token_id' => $newAccessToken->accessToken->getKey(),
+ 'plain_text_token' => $newAccessToken->plainTextToken,
+ ]);
+ return $this->success(true);
+ } catch (\Exception $exception) {
+ return $this->fail(false, $exception->getMessage());
+ }
+ }
+
+ public function delToken(Request $request)
+ {
+ try {
+ $request->validate([
+ 'id' => 'required|integer',
+ ]);
+ $user = Auth::user();
+ $token = $user->tokens()->where("id", $request->id)->first();
+ if ($token) {
+ PersonalAccessTokenPlain::query()->where("access_token_id", $token->id)->delete();
+ $token->delete();
+ }
+ return $this->success(true);
+ } catch (\Exception $exception) {
+ return $this->fail(false, $exception->getMessage());
+ }
+ }
+
+
 }
diff --git a/app/Http/Middleware/VerifyCsrfToken.php b/app/Http/Middleware/VerifyCsrfToken.php
index a082ad95..041ba9a7 100644
--- a/app/Http/Middleware/VerifyCsrfToken.php
+++ b/app/Http/Middleware/VerifyCsrfToken.php
@@ -13,6 +13,7 @@ class VerifyCsrfToken extends Middleware
 * @var array
 */
 protected $except = [
- self::TG_WEBHOOK_PREFIX . "/*"
+ self::TG_WEBHOOK_PREFIX . "/*",
+ "web/token/*",
 ];
 }
diff --git a/app/Models/PersonalAccessTokenPlain.php b/app/Models/PersonalAccessTokenPlain.php
new file mode 100644
index 00000000..8c66a5d7
--- /dev/null
+++ b/app/Models/PersonalAccessTokenPlain.php
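Review bot: In `addToken` (AuthenticateController.php), `$newAccessToken->plainTextToken` is written to `plain_text_token`, so every issued bearer token is kept in the database in directly usable form; the migration later in this patch creates that column as a plain `string`. Anyone who can read that table or a backup of it obtains working credentials, which defeats the point of the token library keeping only a hash (assuming `createToken` here is the usual hashing implementation). If the token only needs to be displayed once, return it in the response and drop the extra table; if it must stay retrievable, store it encrypted, e.g. `'plain_text_token' => Crypt::encryptString($newAccessToken->plainTextToken)`, and decrypt only for the owning user. Separately, `'name' => 'required|string'` has no length bound (`'required|string|max:255'` would reject oversized names in validation), and the `createToken` / `create` pair is not wrapped in a transaction, so a failure on the second write leaves a token without its companion row.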
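Review bot: Adding `"web/token/*"` to `$except` in VerifyCsrfToken.php switches off CSRF verification for `/web/token/add` and `/web/token/del`, both of which change the user's credentials. If the `auth.nexus:nexus-web` guard on those routes authenticates from a browser cookie (not visible in this patch), a cross-site form post would be accepted as the logged-in user. Prefer keeping the routes protected and having the `jQuery.post` calls in `public/usercp.php` send the token, for example in an `X-CSRF-TOKEN` header; if the legacy page cannot obtain one, the two handlers should at least reject requests whose `Origin` does not match the site.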
@@ -0,0 +1,11 @@ +id(); + $table->bigInteger('access_token_id')->unsigned(); + $table->string("plain_text_token"); + $table->timestamps(); + }); + } + + /** + * Reverse the migrations. + */ + public function down(): void + { + Schema::dropIfExists('personal_access_token_plains'); + } +}; diff --git a/public/usercp.php b/public/usercp.php index 2fb801a8..3837572d 100644 --- a/public/usercp.php +++ b/public/usercp.php @@ -3,7 +3,7 @@ require "../include/bittorrent.php"; dbconn(); require_once(get_langfile_path()); loggedinorreturn(); - +$userInfo = \App\Models\User::query()->findOrFail($CURUSER["id"], \App\Models\User::$commonFields); function bark($msg) { stdhead(); global $lang_usercp; @@ -940,6 +940,7 @@ EOD; } stdhead($lang_usercp['head_control_panel'].$lang_usercp['head_home']); +\Nexus\Nexus::js('vendor/jquery-loading/jquery.loading.min.js', 'footer', true); usercpmenu (); //Comment Results $commentcount = get_row_count("comments", "WHERE user=" . sqlesc($CURUSER["id"])); @@ -1126,24 +1127,22 @@ $tokenLabel = nexus_trans("token.label"); $columnName = nexus_trans('label.name'); $columnCreatedAt = nexus_trans('label.created_at'); $actionCreate = nexus_trans('label.create'); -//$res = \App\Models\SeedBoxRecord::query()->where('uid', $CURUSER['id'])->where('type', \App\Models\SeedBoxRecord::TYPE_USER)->get(); -//if ($res->count() > 0) -//{ -// $seedBox .= ""; -// foreach ($res as $seedBoxRecord) -// { -// $seedBox .= ""; -// $seedBox .= sprintf('', $seedBoxRecord->id); -// $seedBox .= sprintf('', $seedBoxRecord->operator); -// $seedBox .= sprintf('', $seedBoxRecord->bandwidth ?: ''); -// $seedBox .= sprintf('', $seedBoxRecord->ip ?: sprintf('%s ~ %s', $seedBoxRecord->ip_begin, $seedBoxRecord->ip_end)); -// $seedBox .= sprintf('', $seedBoxRecord->comment); -// $seedBox .= sprintf('', $seedBoxRecord->statusText); -// $seedBox .= sprintf('', $lang_functions['text_delete'], $seedBoxRecord->id); -// $seedBox .= ""; -// } -// $seedBox .= '
ID{$columnOperator}{$columnBandwidth}{$columnIP}{$columnComment}{$columnStatus}
%s%s%s%s%s%sD
'; -//} +$actionLabel = nexus_trans('label.action'); +$res = $userInfo->tokens()->orderBy("id", "desc")->get(); +if ($res->count() > 0) +{ + $token .= ""; + foreach ($res as $tokenRecord) + { + $token .= ""; + $token .= sprintf('', $tokenRecord->id); + $token .= sprintf('', $tokenRecord->name); + $token .= sprintf('', $tokenRecord->created_at); + $token .= sprintf('', $lang_functions['text_delete'], $tokenRecord->id); + $token .= ""; + } + $token .= '
ID{$columnName}{$columnCreatedAt}{$actionLabel}
%s%s%s获取删除
'; +} $token .= sprintf('
', $actionCreate); tr_small($tokenLabel, $token, 1); $tokenFoxForm = <<
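Review bot: `$tokenRecord->name` is passed to `sprintf` unescaped when the token table is built in `public/usercp.php`, and the only constraint `addToken` puts on it is `required|string`, so markup in a token name would be emitted into the control-panel page. The cell markup itself is not visible in this view of the hunk, so confirm the output context, then escape at the point of output with `htmlspecialchars($tokenRecord->name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. The action cell also appears to hard-code its `获取` / `删除` labels although `$lang_functions['text_delete']` is passed as an argument; using translated strings there would match the other column labels.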
{$columnName}
-
+
@@ -1164,11 +1163,14 @@ jQuery('#add-token-box-btn').on('click', function () { content: `$tokenFoxForm`, btn: ['OK'], btnAlign: 'c', - yes: function () { + yes: function (index) { + layer.close(index); + jQuery('body').loading({stoppable: false}); let params = jQuery('#token-box-form').serialize() - jQuery.post('ajax.php', params + "&action=addToken", function (response) { + jQuery.post('/web/token/add', params, function (response) { console.log(response) if (response.ret != 0) { + jQuery('body').loading('stop'); layer.alert(response.msg) return } @@ -1177,12 +1179,15 @@ jQuery('#add-token-box-btn').on('click', function () { } }) }); -jQuery('#token-box-table').on('click', '.remove-token-box-btn', function () { - let params = {action: "removeToken", params: {id: jQuery(this).attr("data-id")}} +jQuery('#token-table').on('click', '.token-del', function () { + let params = {id: jQuery(this).attr("data-id")} layer.confirm("{$lang_functions['std_confirm_remove']}", {btnAlign: 'c'}, function (index) { - jQuery.post('ajax.php', params, function (response) { + layer.close(index) + jQuery('body').loading({stoppable: false}); + jQuery.post('/web/token/del', params, function (response) { console.log(response) if (response.ret != 0) { + jQuery('body').loading('stop'); layer.alert(response.msg) return } diff --git a/routes/web.php b/routes/web.php index 4f7e4585..9654eae4 100644 --- a/routes/web.php +++ b/routes/web.php 
@@ -21,6 +21,8 @@ Route::group(['prefix' => 'web', 'middleware' => ['auth.nexus:nexus-web', 'local
 Route::get('torrent-approval-page', [\App\Http\Controllers\TorrentController::class, 'approvalPage']);
 Route::get('torrent-approval-logs', [\App\Http\Controllers\TorrentController::class, 'approvalLogs']);
 Route::post('torrent-approval', [\App\Http\Controllers\TorrentController::class, 'approval']);
+ Route::post('token/add', [\App\Http\Controllers\AuthenticateController::class, 'addToken']);
+ Route::post('token/del', [\App\Http\Controllers\AuthenticateController::class, 'delToken']);
 });
 if (!isRunningInConsole()) {